15 matches found
CVE-2025-62603 FastDDS has Out-of-memory while parsing GenericMessage when DDS Security is enabled
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake but also ongoing security-control traffic after the handshake, such as...
CVE-2025-62603
Fast DDS (DDS security) CVE-2025-62603 arises from the CDR parser deserializing the entire DataHolderSeq in ParticipantGenericMessage, allowing an out-of-memory condition and remote termination. Affected versions prior to the patch (3.4.1, 3.3.1, 2.6.11) are addressed by the vendor, and remediati...
CVE-2025-62603 FastDDS has Out-of-memory while parsing GenericMessage when DDS Security is enabled
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake but also ongoing security-control traffic after the handshake, such as...
CVE-2025-62603
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake but also ongoing security-control traffic after the handshake, such as...
CVE-2025-62602 FastDDS has heap buffer overflow in readData via Manipulated DATA Submessage when DDS Security is enabled
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow,...
Integer Overflow or Wraparound
Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the readPropertySeq function when handling manipulated DATA Submessages with tampered length fields in the PIDIDENTITYTOKEN or PIDPERMISSIONTOKEN fields. An attacker can cause a remote out-of-memory...
CVE-2025-62599 eprosima Fast DDS affected by Out-of-Memory in readPropertySeq via Manipulated DATA Submessage when DDS Security is enabled
eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an...
EUVD-2019-6203
Malware in sbrugna...
EUVD-2023-28076
Malicious code in bioql PyPI...
EUVD-2024-25347
Malicious code in bioql PyPI...
CVE-2019-15135
The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant, including capabilities inapplicable to the current session, which makes it easier for attackers to discover potentially sensitive reachability...
CVE-2019-15135
The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant, including capabilities inapplicable to the current session, which makes it easier for attackers to discover potentially sensitive reachability...
Design/Logic Flaw
The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant, including capabilities inapplicable to the current session, which makes it easier for attackers to discover potentially sensitive reachability...
CVE-2019-15135
The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant, including capabilities inapplicable to the current session, which makes it easier for attackers to discover potentially sensitive reachability...
CVE-2019-15135
The CVE-2019-15135 issue is in the handshake protocol of OMG DDS Security 1.1, which transmits cleartext information about a participant’s capabilities (including session-inapplicable ones). This leakage enables an attacker to discover potentially sensitive reachability information on a DDS netwo...